Spork

Spork is a Windows Networking brute-force and information gathering tool. Designed to allow a penetration test team to more easily browse and attack specific systems in large networks, Spork uses null sessions and unprivileged logins to download account lockout and password policies. Spork can then be set to automatically avoid lockout policies and download password hashes from compromised systems.

First released somewhere around 1996, Spork was originally designed to provide a more friendly interface to exploit null sessions in Windows NT 3.51 and Windows NT 4.0 systems. Techniques used at the time relied on creating one-way trust relationships with target systems and then browsing file security tabs to discover user names and group memberships. Since then Spork has evolved to include multi-threaded password attacks, long term brute force procedures, and password hash manipulation. Try it for yourself.

WARNING! Spork 1.0beta has a bug which causes it to miscalculate lockout policies when trying to avoid them during a brute force login attack. This WILL cause account to be locked out on systems that have lockouts enabled. A new version will be uploaded soon.